Experiences in Privacy Engineering


Transcript of Experiences in Privacy Engineering

1 © Nokia 2016

Experiences in Privacy Engineering:

Public

Dr. Ian Oliver

Bell Labs, Finland

25 May 2016

A Lecture Given to Forum för DataSkydd / IAPP, Stockholm, Sweden

2 © Nokia 2016

Alternatively...

The joys of being an engineer in a lawyer dominated world...

3 © Nokia 2016

a long time ago in a research department far far away...

4 © Nokia 2016

My job at the time:

Privacy auditing mobile device applications and associated infrastructure from an engineering perspective...

5 © Nokia 2016

My job at the time:

Privacy auditing mobile device applications and associated infrastructure from an engineering perspective...

or: go and invent how to do this because no-one else has/can/wants to, and the engineers really don’t want to speak to the lawyers anymore, the lawyers don’t want to speak to the engineers, etc...

6 © Nokia 2016

We developed:

• Epics and Use cases for Privacy

• Checklists

• Software Development Process Integration

• Audit Procedures

- integrated non-functional areas: privacy, security, performance, continuity

and the result was...

7 © Nokia 2016

Failure

8 © Nokia 2016

Why didn’t it work?

• Despite highly trained personnel

- Cessna Single Engine Failure

• FLY THE AIRCRAFT

- Air France AF447

• Too much adherence to process

- Processes tell everyone the order of what to do

- Difficulty in handling exceptions and experts

- Aviation checklists are status checks used to ensure due diligence in preparation for the next and future phases of flight.

• Checklist replaced responsibility and expertise

- For both the auditor and development teams

• Tick-box oriented

- Ask questions, Accept answers, TICK!

- Limited understanding and context of answers

• Limited time-scale

- One-off review

9 © Nokia 2016

?

10 © Nokia 2016

We developed:

• Simpler ”Checklists”

• Training Courses

• Realised that no-one understood each other

• Tried to ban the terms ”PII” and ”Personal Data”

• Tried to formulate requirements

• Introduced more risk management ideas, eg: RCA, FMEA

and the result was...

11 © Nokia 2016

Failure

12 © Nokia 2016

What’s the problem now?

• Communication

• Emphasis on process over method

• Lack of understanding of role

• Lack of both legal and engineering techniques

• The privacy organisation itself

13 © Nokia 2016

What’s the problem?

• Actually it was much worse

• So much emphasis on ’compliance’

14 © Nokia 2016

Compliance is fragile

char collectDataFlag = 'Y'; // Future proofed boolean
                            // Y for yes, N for no

void collectDataFunction(){
    // collect IMEI, IMSI, MSISDN, TimeStamp and location
    // and send to the hardcoded IP address...
}

void checkDataCollection(){
    switch(collectDataFlag){
        case 'N' : // don't do anything
                   // (no break here: 'N' falls through into case 'Y')
        case 'Y' : // ok to collect everything
            collectDataFunction();
    }
}
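The fall-through on the slide placed beside a corrected version, as an added example that is not part of the original deck; the functions are constructed stand-ins that report whether the collection path was reached rather than collecting anything.

```c
#include <stdbool.h>

/* Constructed example (not from the slides): the "compliance flag"
 * pattern from the deck, with the fall-through bug beside a fixed
 * version. Instead of collecting device identifiers, both functions
 * return whether collection WOULD have run, so the behaviour can be
 * checked in a test. */

/* Stand-in for the deck's collectDataFunction(): report that the
 * collection path was reached rather than gathering anything. */
static bool collect_data_stub(void) {
    return true;
}

/* As on the slide: no 'break' after case 'N', so the 'N' branch falls
 * through into case 'Y' and collection runs regardless of the flag. */
bool check_data_collection_fallthrough(char collect_data_flag) {
    bool collected = false;
    switch (collect_data_flag) {
    case 'N':
        /* don't do anything ... but there is no break here */
    case 'Y':
        collected = collect_data_stub();
        break;
    }
    return collected;
}

/* Hardened version: every branch terminates, the no-collection outcome
 * is the default, and only an explicit 'Y' reaches the collection path. */
bool check_data_collection_fixed(char collect_data_flag) {
    switch (collect_data_flag) {
    case 'Y':
        return collect_data_stub();
    case 'N':
        return false;
    default:
        /* Unknown flag value: fail closed, do not collect. */
        return false;
    }
}
```

GCC and Clang report the missing break under -Wimplicit-fallthrough, which turns this kind of "compliant on paper" bug into a build-time finding rather than an audit-time surprise.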

15 © Nokia 2016

????!!!

16 © Nokia 2016

Just 3 things to solve...

• Communication, Structure and Semantics

• Culture

• The Privacy Engineer/Officer/Lawyers’ role(s)

17 © Nokia 2016

A quick introduction to surgical infection control

© 2013 HERE | Title | Author | Company confidential

18 © Nokia 2016

A quick introduction to surgical infection control

seriously!

19 © Nokia 2016

The Sterile Field

Key:

• Sterile

• Non-sterile

20 © Nokia 2016

The Sterile Field

Key:

• Sterile

• Non-sterile

Movement of materials from one area to the other must be controlled to prevent contamination of the sterile field with non-sterile items

Strict protocols prevent contamination

21 © Nokia 2016

Serendipity

or...how to retain sanity in a rapidly changing, chaotic environment where you don’t know anything and there’s no rule book or process...

22 © Nokia 2016

Just 3 things to solve (reprise)...

• Communication, Structure and Semantics

• Culture

• The Privacy Engineer/Officer/Lawyers’ role(s)

Already solved...in other fields

23 © Nokia 2016

Communication, Structure and Semantics

24 © Nokia 2016

Communication, Structure and Semantics

Diagram: a scale running from "Probably not personal data" to "Probably personal data"

25 © Nokia 2016

Communication, Structure and Semantics

Forget process, just get the information about what’s going on...

26 © Nokia 2016

Culture

privacy breach

27 © Nokia 2016

Culture

28 © Nokia 2016

Roles

Diagram: the System under audit along a timeline of Project development & processes (time), with checklists at each stage: R&D Team Checklist (before review), R&D Team Checklist (post-review), Audit Team Checklist (sign-in), Audit Team Checklist (time-out), Audit Team Checklist (sign-out); roles involved: Privacy Officer, Legal, Security, Architects

29 © Nokia 2016

Roles

the process does not and cannot stop because of lack of compliance....

30 © Nokia 2016

Traditional Compliance Must Go

31 © Nokia 2016

No system is a black box

32 © Nokia 2016

Your job as privacy professionals is to understand the state of the system – regardless of whether it is good or bad – before moving on...

There can be no privacy heroes

33 © Nokia 2016

Treat privacy as a safety-critical aspect

34 © Nokia 2016

The 3 things to solve in summary...

• Communication, Structure and Semantics

• Culture

• The Privacy Engineer/Officer/Lawyers’ role(s)

35 © Nokia 2016

If only someone would write a book on this?